RECon2006

Ted Unangst - Secure Development with Static Analysis

Static source code analysis has evolved rapidly in the past few years
into a powerful developmental aid. However, many developers'
perceptions of static analysis are incorrect. Analysis techniques are
more advanced than many people realize, but also not the magic bullet
many hope for. Successful utilization and integration of static
analysis requires understanding its possibilities and limits. This talk
is primarily targeted at security concious software developers and
consultants. It's intended to be vendor-neutral, and will cover
commerical and academic (including free/open source) tools.

Bio

Ted Unangst has been working on and with static analysis tools since
2001, when he started working with Stanford's Metacompilation group, and
is presently a software engineer at Coverity, makers of advanced source
code analysis solutions. He is also an OpenBSD developer.